14

If I purchase a domain name that has expired, do I have any assurance that the previous owner does not have a valid HTTPS certificate for the site? In other words, do CAs check domain name expiration dates when issuing a certificate to ensure the certificate does not outlast ownership of the domain? Or, alternatively, do CAs monitor domain name ownership and revoke certificates for domains that have been dropped?

Adi
PulpSpy
  • That's a very good question, I'd never considered it before. Time to do some research! (Actually, screw that, time for bed. Will research in the morning!) – Polynomial Jul 23 '12 at 21:25
  • Just remembered, this is quite similar to [this question](http://security.stackexchange.com/q/16716/2435). – Bruno Jul 23 '12 at 21:34
  • After thinking about this, it seems the browser is better positioned to address this issue. It could compare the registration date for the domain from the whois record with the certificate issuing date, and only accept if the certificate date is later in time. – PulpSpy Jul 24 '12 at 14:02
  • @PulpSpy, not sure why a browser should reject a cert that's valid now and for which the domain name is valid now, on the basis that the domain is going to expire in 10 months and the cert in 11 (more so because the domain could change hands before that anyway). The whois record will always be valid at the time the cert needs to be valid too for an SSL connection (for DNS purposes at the time). – Bruno Jul 24 '12 at 14:11
  • @Bruno It wouldn't reject in that case. But in 11 months, if the domain wasn't renewed by the same entity, then it would. The domain reg would be 1 month old and the cert would have been issued at least 11 months prior. – PulpSpy Jul 24 '12 at 16:27
  • @PulpSpy, sure, but more importantly than the cert, in 11 months, if the domain name isn't renewed, you won't be able to make a DNS request to get the IP address to make the connection. If it is renewed it could have changed hands; even if the whois entry was updated, it could simply be a change of address for the same entity. The whois DB doesn't give that much detail regarding what is updated and when. – Bruno Jul 24 '12 at 16:30
  • @Bruno Correct. I envision it as only detecting domains that have gone through the entire 75 day drop process. I think it is safe to assume that the domain has changed hands after this. I wouldn't trust the information provided in whois records enough to try and discern ownership transfers from the information itself. It is a simple mechanism to detect the clear cut cases (and could have an option to warn on any change). – PulpSpy Jul 24 '12 at 17:27
  • Related: [What are some risks of purchasing a "used" domain name](http://security.stackexchange.com/q/25113/396) – makerofthings7 Jan 14 '13 at 00:55

3 Answers

9

> Do I have any assurance that the previous owner does not have a valid HTTPS certificate for the site?

No, you don't.

CAs can issue certificates that are valid after the expiry date of the domain (at the time of issuance). Even if they didn't, a domain could be transferred before its expiry date.

In addition, you can't possibly control all the CAs that exist and that are trusted by potential clients. Even if there were a scheme to monitor domain registration updates, not all CAs might be part of that scheme. You can't possibly know exactly all the CAs that your potential users may trust.

I can create my own CA and issue a certificate valid for the next 20 years for a domain that doesn't even exist yet. Of course, that's an extreme and pointless example, but if I use it as an internal CA and you happen later to register that domain, you'd have no way to know about it.

You could of course restrict your assumption to the major CAs around. However, as far as I know, they don't monitor changes to the whois database, at least for domain-validated certificates (I'm not sure if there's any provision for this situation with EV certs).

Bruno
  • "_I can create my own CA and issue a certificate valid for the next 20 years for a domain that doesn't even exist yet._" This CA should _not_ pass the test to enter the browser root certificate list! (but I am afraid it might) – curiousguy Jul 23 '12 at 23:17
  • @curiousguy, you're absolutely right, it shouldn't. It's true few people would import CA certs explicitly. However, some browsers come with fairly large lists and some CAs sell intermediate CAs to companies. 100% reliability is quite unlikely there. I'm not saying the PKI system is "completely broken" in that respect, but it has a number of imperfections. (It's not clear when you read some CAs' commercial texts that they know what they're talking about either...) – Bruno Jul 24 '12 at 01:01
  • Thanks Bruno. My question is more about the last paragraph of your answer: is it common practice for a CA to consider/monitor domain expiration? Do browsers consider this issue in their root certificate policies? – PulpSpy Jul 24 '12 at 13:46
  • @PulpSpy, not sure, I've never let a domain expire, but I've never received any reminder from a CA telling me that my domain was going to expire. It might depend on the CA. The problem is that the whole system is driven by its weakest link. – Bruno Jul 24 '12 at 14:08
4

If we take as an example Verisign's Certification Practice Statement, there does not seem to be any control on the domain ownership end date (see the conditions on domain validation, pages 83 and 84: nothing about dates). Actually, the same CPS states that they consider a domain validation to be good for up to 13 months (see page 76), and the maximum lifetime for an EV certificate is 27 months, so the best guarantee you can expect is that no certificate for a domain name will exceed the end of ownership of the domain by more than 40 months. Which is a bit long.

And we talk here only about Verisign's EV certificates. Each CA has its own rules and there does not appear to be any consensus or strongly enforced limits on that matter. Ultimately, it is the responsibility of the OS/browser vendor to set boundaries, but, as far as I know, Microsoft/Mozilla/Apple do not have regulations for matching certificate validity periods to domain expiration.

Thomas Pornin
3

You may be able to mitigate this risk by implementing TLSA (also known as DANE), where you essentially store your web server's public key in DNS. This is currently supported in Chrome.

I'm unsure if the prior owner's certificate takes precedence over DANE, or vice versa. Considering the security issue that it addresses, it would make sense for all TLS browsers to attempt to DANE-verify the connection (preferably over DNSSec) rather than rely on traditional HTTPS.

makerofthings7
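As an added illustration of the TLSA matching this answer refers to (example code, not from the answer or from any browser or DANE library): the new domain owner publishes a SHA-256 hash of their server's SubjectPublicKeyInfo in a `3 1 1` TLSA record, and a DANE-aware client only accepts a presented certificate whose key matches that record, so a certificate the previous owner still holds does not match. The DER byte strings below are constructed stand-ins, not real certificates, and all function names are mine.

```python
import binascii
import hashlib
import hmac

# TLSA RDATA fields (RFC 6698): usage, selector, matching type, association data.
SELECTOR_FULL_CERT, SELECTOR_SPKI = 0, 1
MATCH_EXACT, MATCH_SHA256, MATCH_SHA512 = 0, 1, 2
USAGE_DANE_EE = 3  # the record alone names the end-entity key; no CA involved

# Constructed sample data (not real DER): stand-ins for the certificate and
# SubjectPublicKeyInfo of the new owner's server and of the previous owner's.
NEW_OWNER_CERT = b"\x30\x82\x01\x00constructed-new-owner-cert"
NEW_OWNER_SPKI = b"\x30\x59constructed-new-owner-spki"
OLD_OWNER_CERT = b"\x30\x82\x01\x00constructed-old-owner-cert"
OLD_OWNER_SPKI = b"\x30\x59constructed-old-owner-spki"


def publish_record(spki_der):
    """Zone-file text of the '3 1 1' record the new owner puts at _443._tcp.<domain>."""
    return "3 1 1 " + hashlib.sha256(spki_der).hexdigest()


def parse_tlsa(presentation):
    """Parse zone-file form 'usage selector mtype hex' into ints and raw bytes."""
    usage, selector, mtype, hexdata = presentation.split(None, 3)
    data = binascii.unhexlify("".join(hexdata.split()))  # hex may be wrapped in zone files
    return int(usage), int(selector), int(mtype), data


def association_data(cert_der, spki_der, selector, mtype):
    """Compute what the record's association data must be for this certificate."""
    chosen = {SELECTOR_FULL_CERT: cert_der, SELECTOR_SPKI: spki_der}[selector]
    if mtype == MATCH_EXACT:
        return chosen
    if mtype == MATCH_SHA256:
        return hashlib.sha256(chosen).digest()
    if mtype == MATCH_SHA512:
        return hashlib.sha512(chosen).digest()
    raise ValueError("unsupported matching type %d" % mtype)


def tlsa_matches(record, cert_der, spki_der):
    """True if the presented certificate satisfies a DANE-EE (usage 3) TLSA record.

    Usages 0-2 additionally involve PKIX chain validation or a trust-anchor match and
    are deliberately rejected here rather than approximated.
    """
    usage, selector, mtype, data = parse_tlsa(record)
    if usage != USAGE_DANE_EE:
        raise ValueError("only DANE-EE (usage 3) is handled in this example")
    expected = association_data(cert_der, spki_der, selector, mtype)
    return hmac.compare_digest(expected, data)  # constant-time comparison
```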